package com.hxz.lesson02;

import com.hxz.lesson02.utils.JdbcUtils;

import javax.security.auth.login.LoginContext;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SQLzhuru {
    public static void main(String[] args) {
        // 正常登录
        //login("hahahaha","123456");
        // 非正常
        login("' or '1=1","' or '1=1");
    }

    //登录业务
    public static void login(String username, String password) {
        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;

        try {
            conn = JdbcUtils.getConnection(); // 获取数据库连接
            st = conn.createStatement(); // 获取sql的执行对象
            String sql = "SELECT * FROM users WHERE NAME='"+username+"' and PASSWORD='"+password+"'";
            rs = st.executeQuery(sql);
            while (rs.next()){
                System.out.println("NAME="+rs.getObject("NAME"));
                System.out.println("PASSWORD="+rs.getObject("PASSWORD"));
                System.out.println("=======================");
            }
        } catch (SQLException throwables) {
            throwables.printStackTrace();
        } finally {
            JdbcUtils.release(conn,st,rs);
        }
    }
}
